"correct_escapes = false" can break case statements with xlat expansions #911

Closed
qnet-herwin opened this Issue Feb 25, 2015 · 0 comments

Projects

None yet

1 participant

@qnet-herwin
Contributor

Start with a clean 3.0.7. In radiusd.conf, change correct_escapes to false, then add the following in the authorize section of sites-enabled/default:

   update request {
       &Tmp-String-0 := 'foo'
   }
   switch "%{tolower:%{request:Tmp-String-0}}" {
       case 'foo' {
           noop
       }
       case '' {
           noop
       }
       case {
           noop
       }
   }
   switch "%{request:Tmp-String-0}" {
       case 'foo' {
           noop
       }
       case '' {
           noop
       }
       case {
           noop
       }
   }

Both should take the case 'foo', but we end up with the following log:

Debug: (0)     switch %{tolower:%{request:Tmp-String-0}} {
Debug: (0)     EXPAND TMPL XLAT STRUCT
Debug: (0)     EXPAND %{tolower:%{request:Tmp-String-0}}
Debug: (0)        --> foo
Debug: (0)       case {
Debug: (0)         modsingle[authorize]: calling noop (rlm_always) for request 0
Debug: (0)         modsingle[authorize]: returned from noop (rlm_always) for request 0
Debug: (0)         [noop] = noop
Debug: (0)       } # case = noop
Debug: (0)     } # switch %{tolower:%{request:Tmp-String-0}} = noop
Debug: (0)     switch %{request:Tmp-String-0} {
Debug: (0)       case foo {
Debug: (0)         modsingle[authorize]: calling noop (rlm_always) for request 0
Debug: (0)         modsingle[authorize]: returned from noop (rlm_always) for request 0
Debug: (0)         [noop] = noop
Debug: (0)       } # case foo = noop
Debug: (0)     } # switch %{request:Tmp-String-0} = noop

For some reason, changes correct_escapes to true fixes this.

@alandekok alandekok closed this in 881f84a Feb 25, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment